This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/sn9U2RuOQ1wrwQLlWSSxVdSW5_4.roa
File:                     sn9U2RuOQ1wrwQLlWSSxVdSW5_4.roa (raw, json)
Hash identifier:          8JLFpcnBG6xPlIQ4AyWjjJuV8xetbTR/ok+0e12gEvw=
Subject key identifier:   B2:7F:54:D9:1B:8E:43:5C:2B:C1:02:E5:59:24:B1:55:D4:96:E7:FE
Certificate issuer:       /CN=68942e3ecb5eea792a76fadacbec01a8568e97f4
Certificate serial:       019B7DCAD29C440BBDEEEF89487AD561AE61
Authority key identifier: 68:94:2E:3E:CB:5E:EA:79:2A:76:FA:DA:CB:EC:01:A8:56:8E:97:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aJQuPste6nkqdvray-wBqFaOl_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/sn9U2RuOQ1wrwQLlWSSxVdSW5_4.roa
Signing time:             Fri 02 Jan 2026 08:20:02 +0000
ROA not before:           Fri 02 Jan 2026 08:20:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48498
IP address blocks:        91.211.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/aJQuPste6nkqdvray-wBqFaOl_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/aJQuPste6nkqdvray-wBqFaOl_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aJQuPste6nkqdvray-wBqFaOl_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:d2:9c:44:0b:bd:ee:ef:89:48:7a:d5:61:ae:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68942e3ecb5eea792a76fadacbec01a8568e97f4
        Validity
            Not Before: Jan  2 08:20:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b27f54d91b8e435c2bc102e55924b155d496e7fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:dd:48:ed:fc:6d:df:1d:84:18:56:ee:f9:ee:
                    0e:ee:47:c0:0a:7c:24:68:74:7c:39:e0:e3:55:41:
                    9d:a1:93:4a:bb:e9:93:ee:6d:ce:a4:b1:bc:4d:d1:
                    46:a4:4d:ee:a9:97:7f:6a:89:a0:cc:d5:61:6a:9c:
                    e6:41:8e:48:cd:ca:48:94:92:3b:45:84:73:ad:e1:
                    ed:94:a5:4b:e7:7f:f3:bc:48:fc:8d:b0:4c:10:15:
                    51:0c:9c:0d:fe:af:f5:b5:0a:c4:29:83:3c:ca:7d:
                    23:40:3e:0a:65:2b:8c:2b:c0:7f:92:97:d8:ae:e7:
                    c5:17:31:f3:a7:f7:59:6f:cb:c1:6d:2a:f1:7f:73:
                    62:a9:2f:69:35:f1:f3:35:a8:2d:ed:7b:6f:22:e4:
                    2c:ef:9a:70:59:d1:60:bc:66:79:d3:eb:88:58:f2:
                    0e:ba:85:a0:9f:00:76:d9:fe:68:29:41:fc:cd:4e:
                    d2:52:fd:8b:22:96:2f:39:23:3f:9b:db:d6:55:08:
                    9b:74:8f:b4:ff:aa:53:fb:00:fe:d3:cd:31:d9:f0:
                    04:1c:a4:a6:c5:c5:52:14:e1:f3:13:c4:7e:7e:9a:
                    05:1a:3d:6d:af:9f:76:43:02:d6:4e:49:c2:2d:34:
                    69:68:de:88:44:fe:95:40:a2:73:ef:c7:5a:c9:64:
                    cc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:7F:54:D9:1B:8E:43:5C:2B:C1:02:E5:59:24:B1:55:D4:96:E7:FE
            X509v3 Authority Key Identifier:
                keyid:68:94:2E:3E:CB:5E:EA:79:2A:76:FA:DA:CB:EC:01:A8:56:8E:97:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJQuPste6nkqdvray-wBqFaOl_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/sn9U2RuOQ1wrwQLlWSSxVdSW5_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/beb3a8-4b72-48ec-8e04-03cce3969f9c/1/aJQuPste6nkqdvray-wBqFaOl_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:75:4e:26:3c:95:35:d9:e8:08:63:90:d0:a3:97:39:8b:d2:
         ce:98:65:ad:47:0b:8f:c5:cd:fa:cd:c3:b0:5f:d1:2c:7e:bb:
         c4:6b:54:c8:9b:83:d0:15:73:07:19:7e:24:a5:cc:2f:0d:bf:
         4e:3b:d7:60:03:e4:8c:84:06:5e:d0:30:19:00:bb:7a:b9:97:
         17:07:7e:15:6b:4d:32:2d:ec:3d:d3:e1:8f:91:af:76:58:7c:
         a3:64:8c:56:24:c6:ac:b7:8d:8f:28:85:23:31:52:57:7a:10:
         50:a5:11:f1:4e:ad:09:02:da:48:80:8e:95:1a:82:b5:35:25:
         4a:f3:2d:8c:62:ee:b6:68:de:d8:81:be:90:6b:d3:55:4a:70:
         9c:ad:f7:6d:c6:97:b9:10:56:e1:84:cb:f9:de:05:67:a0:2b:
         8b:5e:c5:66:90:f4:0a:85:e5:61:1a:71:2d:49:b0:5e:12:36:
         de:4e:bd:c7:77:7e:a6:cf:0a:f4:48:02:18:04:f3:be:78:89:
         25:3c:37:31:b9:43:1f:ba:34:bc:c4:66:be:d2:a4:a3:4b:38:
         e6:f4:78:da:1c:3e:40:71:b2:14:ca:e8:b3:21:bc:46:9e:3f:
         a5:27:cf:ef:23:fe:07:11:22:3c:7e:05:f9:f1:3f:8f:5f:57:
         25:2e:01:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ytKcRAu97u+JSHrVYa5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OTQyZTNlY2I1ZWVhNzkyYTc2ZmFkYWNiZWMwMWE4NTY4
ZTk3ZjQwHhcNMjYwMTAyMDgyMDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjdmNTRkOTFiOGU0MzVjMmJjMTAyZTU1OTI0YjE1NWQ0OTZlN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN1I7fxt3x2EGFbu+e4O7kfACnwk
aHR8OeDjVUGdoZNKu+mT7m3OpLG8TdFGpE3uqZd/aomgzNVhapzmQY5IzcpIlJI7
RYRzreHtlKVL53/zvEj8jbBMEBVRDJwN/q/1tQrEKYM8yn0jQD4KZSuMK8B/kpfY
rufFFzHzp/dZb8vBbSrxf3NiqS9pNfHzNagt7XtvIuQs75pwWdFgvGZ50+uIWPIO
uoWgnwB22f5oKUH8zU7SUv2LIpYvOSM/m9vWVQibdI+0/6pT+wD+080x2fAEHKSm
xcVSFOHzE8R+fpoFGj1tr592QwLWTknCLTRpaN6IRP6VQKJz78dayWTM5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJ/VNkbjkNcK8EC5VkksVXUluf+MB8GA1UdIwQY
MBaAFGiULj7LXup5Knb62svsAahWjpf0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUpRdVBzdGU2bmtxZHZyYXktd0JxRmFPbF9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9iZWIzYTgtNGI3Mi00OGVjLThlMDQt
MDNjY2UzOTY5ZjljLzEvc245VTJSdU9RMXdyd1FMbFdTU3hWZFNXNV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9iZWIzYTgtNGI3Mi00OGVjLThlMDQtMDNjY2UzOTY5Zjlj
LzEvYUpRdVBzdGU2bmtxZHZyYXktd0JxRmFPbF9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9MkMA0G
CSqGSIb3DQEBCwUAA4IBAQAsdU4mPJU12egIY5DQo5c5i9LOmGWtRwuPxc36zcOw
X9EsfrvEa1TIm4PQFXMHGX4kpcwvDb9OO9dgA+SMhAZe0DAZALt6uZcXB34Va00y
Lew90+GPka92WHyjZIxWJMast42PKIUjMVJXehBQpRHxTq0JAtpIgI6VGoK1NSVK
8y2MYu62aN7Ygb6Qa9NVSnCcrfdtxpe5EFbhhMv53gVnoCuLXsVmkPQKheVhGnEt
SbBeEjbeTr3Hd36mzwr0SAIYBPO+eIklPDcxuUMfujS8xGa+0qSjSzjm9HjaHD5A
cbIUyuizIbxGnj+lJ8/vI/4HESI8fgX58T+PX1clLgH3
-----END CERTIFICATE-----